How this Retailer Could have Kept my Business with Better IT Security Process

Posted by Heather Howland on Nov 3, 2017 8:24:28 AM

Hmm, I thought I remembered my password. As I tried to log into my account with a large retailer known for their athletic wear, I click the forgot password link. I enter my email address.

Read More

Topics: Security Skills, Multi-factor Authentication, Identity Verification, Credential Compromise

How Security Operations Can Safely Stop Investigating Benign True Positives

Posted by Eran Cohen on Apr 20, 2017 8:45:19 AM

True Positives. It’s a topic of great interest to me. Security Operations can spend a lot of time dealing with separating out the truly non-malicious events. There is an easier way. But, before we go further, let’s align and calibrate on the terminology of True/False Positives/Negatives. Some of these terms have varying levels of agreement. It reminds me of VLAN-- you can have 5 people in the room and there will be 6 different definitions for it. To make sure we are on the same page, let's start with basic definitions accompanied with real life examples. 

Read More

Topics: Security Skills, User and Entity Behavior Analytics, ueba, Incident Response

Reducing Incident Management Noise With Your Own Employees

Posted by Eran Cohen on Feb 17, 2017 11:21:58 AM

Noise. Noise. Noise. Our world is noisy. It's all over the place. Visual noise, physical noise. And then there is the noise which bothers analysts in the security industry. I am referring to the security signal to noise ratio that is only growing and growing because of the evolving techniques, various data sources and the unknown threats that we all want to catch (or is it afraid to miss?). In fact, the elephant has left the room and is now visible to all.

Read More

Topics: Security Skills, ueba, Incident Response

The New IT Security Job Requirements: Scientist, Psychologist, Psychic, Businessman

Posted by Ajit Sancheti on Feb 3, 2017 4:15:39 PM

In a recent article I wrote for ITSP Magazine, I discussed one of the prominent challenges that enterprises are facing today: the IT Security talent shortage. CISOs want to fill their security team bench with specialized engineers. The problem is, they aren’t readily available. In this post, I will share some of the highlights from the article and talk more about how to optimize skill development so we can grow the talent base for IT Security pros.

Read More

Topics: User Behavior, Security Skills, big data

Study Finds Insider Threats Becoming More Concerning than External IT Security Threats

Posted by Heather Howland on Dec 1, 2016 6:09:40 AM

The macro trend for IT security professionals is shifting. The security risk of insider threats is real and  has become of equal importance to organizations. Insider threats take many forms - from employees bending the rules to get their jobs done more efficiently, to unhappy employees with malicious intent, to  workers who unintentionally install malware, and even 3rd party vendors or partners that don’t follow security policies.

Read More

Topics: CISO, Privileged Users, Insider Threats, Security Skills

How Much Management Do You Need to Dedicate to UEBA? [Part 5 - Blog Series]

Posted by Heather Howland on Nov 11, 2016 4:54:15 PM

In this final blog of the series “A Closer Look Inside UEBA: Top 5 FAQs,” we’re going to discuss what it takes to manage UEBA and how it can make security teams much more efficient and less overwhelmed. 

Read More

Topics: CISO, Security Skills, ueba

The “Crying Wolf” Rating and Other Security Investment Qualifiers

Posted by Steve Herrod on Oct 27, 2016 3:50:21 PM

There is a lot of noise in the cybersecurity space with every company trying to differentiate itself by claiming to be the “next big thing”, but so few have risen to the top. And the security market has changed a lot in the past couple years. As a venture capitalist, I often get asked about how I see the market changing and how we cut through the noise to find and fund companies that are doing something truly unique and innovative and that really solves customer problems.

Read More

Topics: CISO, Insider Threats, Security Skills, ueba

Finding Nirvana: Preventing Threats vs Disrupting Business

Posted by Boris Danilovich on Sep 15, 2016 11:41:29 AM

As Benjamin Franklin once said “An ounce of prevention is worth a pound of cure.” As Enterprises continue to build out and reinforce their IT security strategy, a keen eye is being put toward “preventative” solutions. With the rise in insider threats and compromised credentials, this is no surprise.

Read More

Topics: Insider Threats, Security Skills, Multi-factor Authentication

Five Common Misconceptions In Enterprise Security Organizations - Part One

Posted by Eyal Karni on Jul 28, 2016 9:40:49 AM

In Enterprise security organizations decisions are often made without looking at the big picture. Putting together a security strategy is hard. And sometimes it’s impossible to fully understand the different features and advantages different security solutions provide versus what the organization really needs. Current trends, rumours, lack of security skills or the need to feel secure might have an impact on these decisions. Without a comprehensive knowledge of security--like good attackers or good security researchers often have--an organization can leave themselves exposed.

Read More

Topics: Security Skills, APT, Domain Controller